sshd fails to start - undefined symbol: EVP_KDF_ctrl

Viktor Dukhovni openssl-users at
Wed Nov 13 19:08:33 UTC 2019

On Wed, Nov 13, 2019 at 01:47:31PM -0500, SP wrote:

> Following an OS upgrade of the server I have been unable to start sshd
> service.  On this server some software is upgraded from the OS packages
> whereas others are manually built.  Openssl is manually built from source.
> After the upgrade of the OS the error message I get when starting sshd is
> sshd: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b The version I
> was running was openssl.1.1.1a I then replaced it with openssl.1.1.1d hoping
> it would resolve the problem.  It did not.  I  would be grateful for any
> pointers as to how I can resolve this.

OpenSSL from (upstream) has never had EVP_KDF_ctrl in
the OpenSSL 1.1.1 release branch.  That function briefly appeared
in the 3.0.0 development (master) branch, but has since been replaced.

Whoever built your SSH packages used a custom verson of OpenSSL.
You really SHOULD NOT replace system packages (like OpenSSL) with
your own builds, unless you're willing and able to ensure ABI
compatibility with the vendor build.

It is safer to install any custom copy of OpenSSL in a non-default
location (I use /opt/openssl/1.1), and give the shared libraries
in such copies non-default SONAMEs so as to avoid conflict.


More information about the openssl-users mailing list